Beta Asuswrt-Merlin 386.2 Beta is now available

[cristobal07]

Yes , it looks like the same problem. Resetting the ax88 did not work. Will try resetting the WAN later on.

do you have DoT enabled as well?

 

[Adreno]

I had a problem with my AX88U: Clients can connect properly to the router and GUI does not show any problem but clients are not able to do DNS queries.

I have a Pi-hole acting as local DNS server and petitions to port 53 blocked in the Asus router via "Network Services Filter" (to avoid DNS queries from devices with DNS server IP's hardcoded, e.g. Google Home speakers).

Pi-hole is using DoH, not port 53.

If deactivated the "Network Services Filter", the clients had access to Internet again.

I had to return to 386.1_2 and everything is working properly again. Sorry, no logs details taken.

 

[gspannu]

Some strange things going on for me on this beta having seen probably the best ever performance on my network from Alpha 2 which was providing great WiFi connectivity and snappy performance with excellent bloat and latency from Cake on my 50/11 vDSL connection.

I first saw problems last night watching my on-demand TV service (SkyQ in UK) which downloads the content to the box rather than pure streaming. The programs start to play once a couple of % have downloaded, then it relies on the download being faster than it consumes. These downloads started to fail which is something I've never really seen before. It could of course be a Sky issue, but I couldn't find any other reports, and a full reboot of the equipment didn't help. The TV is all ethernet connected.

This morning one of my cameras - a Nest IQ Cam - was offline and has been suffering intermittent connectivity. This camera is usually very reliable and connects using 2.4Ghz WiFi.

My setup is slightly unusual that I am forced to use my ISP router and therefore I have my RT-AX88U behind in a double NAT setup. I'm wondering if the changes to Cake defaults have affected me as I've always used triple isolate in the past. I might try changing these.

To help the diagnosis of connectivity issues others have experienced, my RT-AX88U is configured for Static IP behind my ISP router (double NAT) with manually configured google DNS. I have no issues with internet connectivity.

I have seen the same problem with Sky Q well before this Beta version. I first noticed this in the release version of 386.1

 

[New2This]

do you have DoT enabled as well?

No issues here using DoT- Cira.ca- All clients can connect
But I also have them going through VPN

 

[cristobal07]

No issues here using DoT- Cira.ca- All clients can connect
But I also have them going through VPN

thought maybe something broken in DoT,
but the client connection issue only happened on first attempt.
once did the trick, disconnect and reconnect wan from gui,
it's working fine so far.

 

[shabbs]

I had a problem with my AX88U: Clients can connect properly to the router and GUI does not show any problem but clients are not able to do DNS queries.

I have a Pi-hole acting as local DNS server and petitions to port 53 blocked in the Asus router via "Network Services Filter" (to avoid DNS queries from devices with DNS server IP's hardcoded, e.g. Google Home speakers).

Pi-hole is using DoH, not port 53.

If deactivated the "Network Services Filter", the clients had access to Internet again.

I had to return to 386.1_2 and everything is working properly again. Sorry, no logs details taken.

I use a Pi-hole (two actually) as well but do not use DoH for the upstream. What is your DNSFilter mode set to?

 

[Adreno]

What is your DNSFilter mode set to?

Off, I do not use DNSFilter.

 

[dazedandlost]

Here to report an effortless and flawless dirty u/g to 386.2_beta1 from 386.1_2 no observed issues with cake (very early hours) plus NordVPN. RT-AC86U 25down 1up xplornet tower based wireless (I envy those of you with fibre. .

Maybe it's time to implement a policy of inviting people to apply to beta test (and maybe have the scripting crowd be your alpha test crew). <shrug> couldn't hurt to build a more trusted and experienced bunch of people

With respect, I have been (and am) on both ends of this particular teeter-totter; desperately trying to avoid utter idiocy on the one hand and god-like arrogance on the other. Once in a long while, usually in spite of myself, I learn something and even, less frequently, will do a little better in the future.

I believe that most of us are fairly well intentioned and are actually hoping to help as best we can in hopelessly inadequate return for the work and product of (I’m being appreciative here, not sarcastic) our betters. I think we expect to be spanked (and hopefully taught, roughly even when we screw up.

At the end of the day, the warmth of your welcome is entirely up to you. I for one will accept and attempt to understand and comply as best as I am able.

Thanks to all for the firmware.

 

[RMerlin]

Now that the AX11000 is supported is it worth it without the ROG features?

The better question is, which ROG feature do you need? Because not everyone has similar needs.

Is the statistics even supposed to be compatible with Hardware accelerated NAT?

All the Trend Micro-related features such as Traffic Analyzer are compatible with NAT acceleration. It was the old IPTraffic feature of mine that wasn't, and that feature is not available on your router.

 

[RMerlin]

If deactivated the "Network Services Filter", the clients had access to Internet again.

Network Filter works through DNS. It will only allow DNS queries for the domains that you whitelist, and block any other query. So if you enable it and you don't whitelist any domain, then no domain will be able to be resolved.

 

[Kingp1n]

Just updated to try out the beta1.

Everything is working as intended. I've yet to try CAKE but maybe will test this weekend.

Appreciate everything you guys do here!

 

[JIPG]

Anybody notices increasing size of /jffs? It's been 24 hours more or less on alpha 2 and now on beta. I did a jffs reset so this file was 0 byte.. the file I'm talking about is in /jffs/.sys/diag_db. It's now 3.1M in size , and it's only been about 24h and still increasing it seems like. Any reasons why? Never seen this file on 384.19 as far as I can remember.

I'm on AC86U anyways..

I have observed the same. This log folder has one or more files (the number increase with time) and its size grows pretty quick compared with other databases (syslog, traffic, etc).

The content of the files has no too much relevant information (at least for me, e.g. lines as { "time": "1613288325", "event_name": "SYS", "node_type": "C", "node_ip": "192.168.1.1", "node_mac": "XX:XX:XX:XX:XX", "fw_ver": "3.0.0.4.386.1_2", "tcode": "EU\/01", "AiProtection": "1", "usb_mode": "1", "acceleration": "0,0" }).

From time to time, I delete the files in this folder through ssh. It seems that it does not produce any harm, but any advice about its nature is welcomed.

 

[brummygit]

I'm still having problems - random devices seem to be having connectivity issues.

My house alarm just notified me that it's on cellular backup as it lost internet access, then came back online a minute or so later. It uses a wired ethernet connection to my RT-AX88U main router. Looking further I think there are DHCP issues which might explain why a full factory reset got me working again for a few hours.

The alarm system has an IP address which is NOT the reservation that's been entered in the DHCP server. I've double checked the MAC address and it's not shown in the list of DHCP leases on the System Log - DHCP Leases tab either as the current IP or the reserved IP. Furthermore, hitting the refresh button seems very slow to refresh, and my Ring devices seem to be renewing their leases every few minutes.

I might be seeing problems ahead of others as I use a 2 hour lease duration when in upgrade cycles so that devices refresh their network config frequently when I'm rebooting the router. I use YazDHCP although not sure if this will be the issue.

 

[mohsha]

Now that the AX11000 is supported is it worth it without the ROG features?

Yes, of course. I don't use any of the ROG features. I bought the router for the triband features at a great price and I am happy that is supported by Merlin now.

 

[Adreno]

Hi, thanks for your response.

Network Filter works through DNS.

I use it for block all conections to port 53 in order to force some devices to use the DNS server IP specified in WAN config (Pi-hole inside my LAN):

I have been using this way with no problems for months, in fact, it's working properly now: All devices in my LAN (including those with the DNS IP servers hardcoded) are asking Pi-hole for DNS queries, it's not posible to use port 53 (Pi-hole using 443 TCP for queries).

But, I do not why, with 386.2 Beta 1 seems that DNS queries are completely blocked. I've installed back 386.1_2 and it's working again (same config - no resets).

Thanks @RMerlin !!

 

[MvW]

Not a bug report regarding this beta, but just a heads up for those of you using the add-on SpdMerlin and have AutoBW activated, it looks like builtin Cake in this beta is not compatible with AutoBW, probably causing your up- and downstream to be drastically lowered over a period of approximately 24 hours.

See my experiences here: https://www.snbforums.com/threads/b...m-gradually-lowered-over-past-24-hours.71067/

For now, manually adjust to 95% of your actual upstream and downstream bandwidth (run a speedtest after you changed the values to 95% of the theoretical max up- and downstream, re-adjust the values to 95% of realistic values) and disable AutoBW for now until a solution is found.

Best regards,
Marco

 

[shabbs]

Hi, thanks for your response.



I use it for block all conections to port 53 in order to force some devices to use the DNS server IP specified in WAN config (Pi-hole inside my LAN):

View attachment 31867

View attachment 31868

I have been using this way with no problems for months, in fact, it's working properly now: All devices in my LAN (including those with the DNS IP servers hardcoded) are asking Pi-hole for DNS queries, it's not posible to use port 53 (Pi-hole using 443 TCP for queries).

But, I do not why, with 386.2 Beta 1 seems that DNS queries are completely blocked. I've installed back 386.1_2 and it's working again (same config - no resets).

Thanks @RMerlin !!

Hmmm - not sure you should be using your Pi-hole IPs for WAN DNS. That really should be an outside DNS server like Quad9 or Google etc... I'm wondering if the static route changes that Asus made have introduced this behaviour that may have been leaking through before.

FWIW, if you want to funnel all DNS LAN traffic to your Pi-hole, use DNSFilter with the Router setting and have your DHCP handout specify the Pi-hole IPs as their DNS. That's how I have mine setup.

 

[Adreno]

have your DHCP handout specify the Pi-hole IPs as their DNS

Pi-hole is acting as DHCP server in my LAN, not the router.

I'm wondering if the static route changes that Asus made have introduced this behaviour

Yep, I think so.

Thanks!!

 

[skeal]

On my AX88U this Beta is top drawer. I've thrown everything at this new Cake QOS and it just keeps going flawless. Video streaming, torrents, game updates all at once and work from home as well. This is ready for prime time @RMerlin

 

[goodwin_c]

A little bit more details about internet issues:
- disabled DoT on stable release. Updated to Beta 1 - few minutes after update with internet, and then it's gone again (still - internet itself is ok and available from router)
- decided to try "service restart_wan" - few minutes and internet restored
- then, next experiment - went to amtm and uninstalled Skynet - and tadaaam - no internet after Skynet uninstalling
So, I'm definitely suspecting that issue is somehow related to firewall. And on the Beta 1 - Skynet is always showing as Iptables failed